Open
Description
When attempting to connect to an OAuth2 token endpoint over HTTPS secured by a self-signed certificate, there is no supported mechanism to inject a pre-configured HTTP/TLS client into the oauth2 request pipeline. Even when building a reqwest::Client with certificate verification disabled, the OAuth2 crate continues to perform standard TLS validation and rejects the server’s certificate.
Reproduction:
1. Configure an OAuth2 flow using oauth2::BasicClient.
2. Build a reqwest::Client with danger_accept_invalid_certs(true) or a custom root CA.
3. Attempt any token exchange (e.g. client credentials or authorization code grant).
4. Observe a certificate validation failure (e.g. “unknown CA” or “certificate verify failed”).
zefr0x